- From: Greg Norcie <gnorcie@cdt.org>
- Date: Fri, 29 Jul 2016 11:55:46 -0400
- To: Greg Norcie <norcie@cdt.org>
- Cc: Nick Doty <npdoty@ischool.berkeley.edu>, "public-privacy (W3C mailing list)" <public-privacy@w3.org>
- Message-ID: <CAMJgV7Ynj_UP=10L+LZ71Cro-Qmh=afbB5CaH1ftX_zs0f-yuA@mail.gmail.com>
Though we're ramping up for Defcon, so it may have to wait until I return in a couple weeks.

/********************************************/
Greg Norcie (norcie@cdt.org)
Staff Technologist
Center for Democracy & Technology
District of Columbia office
(p) 202-637-9800
PGP: http://norcie.com/pgp.txt
/*******************************************/

On Thu, Jul 28, 2016 at 12:17 PM, Greg Norcie <gnorcie@cdt.org> wrote:

> I'll take a look, and if not craft some questions to make sure they're hit
> on.
>
>
> /********************************************/
> Greg Norcie (norcie@cdt.org)
> Staff Technologist
> Center for Democracy & Technology
> District of Columbia office
> (p) 202-637-9800
> PGP: http://norcie.com/pgp.txt
>
> /*******************************************/
>
> On Wed, Jul 27, 2016 at 10:32 PM, Nick Doty <npdoty@ischool.berkeley.edu>
> wrote:
>
>> Here are three common features or feature requests that have, in addition
>> to other privacy issues, potential problems with correlation across
>> origins, browsers or devices. I think we should establish guidance on these
>> points in one of our common documents so that we can point people to it.
>>
>> * Simultaneously-triggered events
>>
>> APIs that allow for subscribing to events also introduce the possibility
>> of correlating a user's activity across tabs, across origins or across
>> browsers. (I've noted this before, apologies for repetition.) I believe the
>> typical advice is to only trigger events for the front-most browsing
>> context or to fuzz the timing; given that we have typical advice, we should
>> have that written up somewhere.
>>
>>
>> * Access to sensors or device data
>>
>> The Generic Sensor API is already getting into this, I believe. Since
>> sensors typically give information about the world around the device, the
>> data is inherently cross-origin and can enable unexpected correlations.
>> Data on the device may be the same way -- in addition to the privacy issues
>> with accessing my calendar appointments or my contact database, a site can
>> also determine that I'm the same person if I share that information with
>> more than one page.
>>
>>
>> * Permanent, hardware identifiers:
>>
>> I think we should state that this is typically incompatible with the
>> Web's privacy model. Access to an unchangeable identifier or hardware key
>> means clearing cookies does not affect the capability of correlating user
>> activity.
>>
>>
>>
>> Greg, do we have these anywhere in the privacy questionnaire?
>>
>> The permanent identifiers could also be discussed in the Mitigating
>> Browser Fingerprinting doc, as we already have a section there on clearing
>> local state, but it's been noted that that might be extending beyond
>> fingerprinting, so perhaps it'll be moved to the more general privacy
>> questionnaire anyway.
>>
>> Thanks,
>> Nick
>>
>
>

Received on Friday, 29 July 2016 15:56:41 UTC